CVE-2025-5335: CWE-426 Untrusted Search Path in Autodesk Installer
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.
AI Analysis
Technical Summary
CVE-2025-5335 is a vulnerability in Autodesk Installer version 2.13, categorized under CWE-426 (Untrusted Search Path). The installer uses an untrusted search path to locate binaries during its execution process. The root cause is insecure handling of search paths, which lets an attacker influence which binaries are loaded: an attacker who can place a crafted binary in a directory that is searched before the legitimate binary's location, such as the current working directory or a user-writable path, can cause the installer to execute that binary instead. This leads to escalation of privileges to NT AUTHORITY/SYSTEM, the highest privilege level on Windows systems. The vulnerability requires local access and some user interaction, such as running the installer or triggering its execution path. The CVSS v3.1 score is 7.8, reflecting high severity due to the potential for complete system compromise, including confidentiality, integrity, and availability impacts. The vulnerability is currently published with no known exploits in the wild and no patches released yet. The Autodesk Installer is widely used in professional design and engineering environments, making this vulnerability particularly concerning for organizations relying on Autodesk software for critical workflows.
Potential Impact
The impact of CVE-2025-5335 is significant for organizations using Autodesk Installer 2.13 on Windows systems. Successful exploitation grants attackers SYSTEM-level privileges, enabling full control over affected machines. This can lead to unauthorized access to sensitive design files, intellectual property theft, disruption of engineering workflows, and potential lateral movement within networks. The ability to execute arbitrary code with elevated privileges also allows attackers to disable security controls, install persistent malware, or disrupt availability by damaging system components. Given Autodesk's widespread use in industries such as architecture, engineering, construction, and manufacturing, the vulnerability poses risks to critical infrastructure and intellectual property globally. Organizations with lax local security controls or those allowing untrusted users local access are at higher risk. Although no exploits are currently reported in the wild, the high severity and ease of exploitation once local access is obtained make this a pressing threat to address proactively.
Mitigation Recommendations
Until an official patch is released by Autodesk, organizations should implement specific mitigations to reduce risk:
1) Restrict write permissions on directories included in the installer's search path, especially user-writable locations and the current working directory, to prevent placement of malicious binaries.
2) Use application whitelisting to allow only trusted binaries to execute during installation processes.
3) Educate users to avoid running installers from untrusted locations or sources and to verify installer integrity.
4) Employ endpoint detection and response (EDR) solutions to monitor for suspicious process execution and privilege escalation attempts related to the installer.
5) Isolate systems running Autodesk software to limit local access to trusted personnel only.
6) Monitor Autodesk forums and vendor advisories closely for patch releases and apply updates promptly.
7) Consider using Windows security features such as Controlled Folder Access and Windows Defender Application Control to restrict unauthorized binary execution.
These targeted mitigations go beyond generic advice by focusing on controlling the search path environment and local access controls specific to this vulnerability.
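The write-permission restriction in the first mitigation can be verified with an ACL audit. The PowerShell below is an added example, not code from Autodesk or from this page; it assumes the machine-wide PATH is among the directories searched (the advisory does not enumerate them), and the function name Get-WritablePathEntry and the list of trusted SIDs are illustrative choices.

```powershell
# Added example: report search-path directories where a non-administrative
# principal can create files. Function name and trusted-SID list are assumptions.
function Get-WritablePathEntry {
    param(
        # Directories to audit; defaults to the machine-wide PATH.
        [string[]]$Directory = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
    )
    # Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # CreateFiles/AppendData let a principal add a file or subfolder; the raw
    # generic bits (GENERIC_WRITE, GENERIC_ALL) can appear unmapped in ACEs.
    $fsr     = [System.Security.AccessControl.FileSystemRights]
    $mask    = [int]($fsr::CreateFiles -bor $fsr::AppendData) -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnlyFlag = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($entry in $Directory | Where-Object { $_ } | Sort-Object -Unique) {
        $path = [Environment]::ExpandEnvironmentVariables($entry.Trim('"'))
        if (-not (Test-Path -LiteralPath $path -PathType Container)) {
            # A missing entry needs review: whoever can create it controls it.
            [pscustomobject]@{ Path = $path; Principal = $null; Rights = 'DIRECTORY MISSING' }
            continue
        }
        $acl = Get-Acl -LiteralPath $path
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            # Inherit-only ACEs apply to children, not to the directory itself.
            $inheritOnly = ([int]$ace.PropagationFlags -band $inheritOnlyFlag) -ne 0
            if ($ace.AccessControlType -ne 'Allow' -or $inheritOnly) { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -ne 0) {
                [pscustomobject]@{
                    Path      = $path
                    Principal = $ace.IdentityReference.Value   # SID string
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

Get-WritablePathEntry | Format-Table -AutoSize
```

Each row returned is a directory whose ACL should be tightened or that should be removed from the search path; pass other locations with -Directory to audit them the same way.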
Affected Countries
United States, Canada, Germany, United Kingdom, France, Japan, South Korea, Australia, China, India, Brazil, Italy, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: autodesk
- Date Reserved: 2025-05-29T14:52:55.445Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68487f551b0bd07c3938a3fa
Added to database: 6/10/2025, 6:54:13 PM
Last enriched: 2/27/2026, 4:03:15 AM
Last updated: 5/9/2026, 8:39:42 PM